]> git.wh0rd.org Git - tt-rss.git/commitdiff
properly check for article ownership in getArticleFeed()
authorAndrew Dolgov <fox@bah.org.ru>
Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)
committerAndrew Dolgov <fox@bah.org.ru>
Tue, 29 Dec 2009 13:19:53 +0000 (16:19 +0300)
functions.php

index 464a2cbdd3f9c0e240aa9d12671ab59de77f1cec..6621b361ee2a6de9073e93f1f2ee1cf4efa2fcd6 100644 (file)
 
        function getArticleFeed($link, $id) {
                $result = db_query($link, "SELECT feed_id FROM ttrss_user_entries 
-                       WHERE ref_id = '$id'");
+                       WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
 
                if (db_num_rows($result) != 0) {
                        return db_fetch_result($result, 0, "feed_id");